Use the OAuth dialog within the login flows to enable people to log in with your app. You also use it when you need people to grant additional permissions to your app. Facebook's authentication flows are based on the OAuth 2.0 protocol.
To invoke the OAuth dialog, redirect the browser to a URL of the form:
http://www.facebook.com/dialog/oauth/?client_id=YOUR_APP_ID&redirect_uri=YOUR_REDIRECT_URL&state=YOUR_STATE_VALUE&scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES
The OAuth dialog supports the following parameters, which can be passed in the URL string:
||Yes*||Your App ID. This is called
||Yes*||Should not be set when using the JS SDK to invoke the dialogs. The URL to redirect to after a button is clicked or tapped in the dialog. The URL you specify must be a URL with the same Base Domain as specified in your app's settings, a Canvas URL of the form
||No||A comma separated list of permission names which you would like people to grant your app. Only the permissions people have not already granted your app will be shown|
||No||A unique string used to maintain app state between the request and callback. When Facebook redirects people back to your
||No||The requested response type, one of
||No||The display mode with which to render the dialog. One of
*Important: When using the JS SDK, do not specify
redirect_uri - these will be set by the SDK.
If people authorize your app, the browser redirects to the URL you specified in the
response_type was left unset or was set to the value
code, if people authorize your app, the browser redirects to:
YOUR_REDIRECT_URI?code=OAUTH_CODE_GENERATED_BY_FACEBOOK&state=YOUR_STATE_VALUE
See the server-side authentication documentation for how to exchange this code for a user access token.
response_type was the value
token, if people authorize your app, the browser is redirected to:
YOUR_REDIRECT_URI#access_token=USER_ACCESS_TOKEN&expires_in=NUMBER_OF_SECONDS_UNTIL_TOKEN_EXPIRES&state=YOUR_STATE_VALUE
See the client-side authentication documentation for more on how to handle this response.
If people do not authorize your app, the browser is redirected to:
YOUR_REDIRECT_URI?error_reason=user_denied&error=access_denied&error_description=The+user+denied+your+request.&state=YOUR_STATE_VALUE
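The dialog request and the two query-string callbacks above, as an added example (not Facebook's code): it generates an unguessable state value, keeps it in the session, and accepts a callback only when the returned state matches, which is what lets state protect the redirect against cross-site request forgery. The session dict, the function names and the sample values in the comments are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

DIALOG_URL = "http://www.facebook.com/dialog/oauth/"  # endpoint as written on this page


def build_dialog_url(app_id, redirect_uri, permissions, session):
    """Return the dialog URL; a fresh state value is stored in `session` (a dict here)."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    session["oauth_state"] = state
    query = {"client_id": app_id, "redirect_uri": redirect_uri, "state": state}
    if permissions:
        query["scope"] = ",".join(permissions)  # comma-separated permission names
    return DIALOG_URL + "?" + urlencode(query)


def handle_callback(callback_url, session):
    """Validate a callback that carries its values in the query string.

    Returns ("code", value), ("denied", reason) or ("rejected", why).
    """
    raw = parse_qs(urlsplit(callback_url).query)
    params = {name: values[0] for name, values in raw.items()}
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", "")
    # Constant-time comparison; a missing or different state is never trusted.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        return ("rejected", "state mismatch")
    if "error" in params:  # e.g. error=access_denied&error_reason=user_denied
        return ("denied", params.get("error_reason", params["error"]))
    if "code" not in params:
        return ("rejected", "no code")
    return ("code", params["code"])
```

With response_type=token the values arrive in the URL fragment, which the browser does not send to the server, so the same state comparison has to run in client-side code.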